Unable to log in as autogenerated admin user after installing Nextcloud-AIO

The Basics

  • Nextcloud Server version (e.g., 29.x.x):
    • Nextcloud-AIO version 10.3.0
  • Operating system and version (e.g., Ubuntu 24.04):
    • OpenMediaVault 7.4.16-1 (Sandworm) - this is based on Debian 12 (Bookworm)
  • Reverse proxy and version (e.g. nginx 1.27.2)
    • Caddy 2.9.1
  • Is this the first time you’ve seen this error? (Yes / No):
    • Yes
  • When did this problem seem to first start?
    • As soon as I had gotten the Nextcloud-AIO installer to properly validate my domain, about two days ago
  • Installation method (e.g. AIO, NCP, Bare Metal/Archive, etc.)
    • AIO
  • Are you using Cloudflare, mod_security, or similar? (Yes / No)
    • No; Cloudflare handles my DNS but I don’t use their proxy

Summary of the issue you are facing:

Upon completing Nextcloud-AIO installation, I was provided with an admin username with an autogenerated password. When I copied those credentials directly into the Nextcloud login, I got an error message:

Temporary error
Please try again.

I cannot log in with the basic admin credentials Nextcloud has provided me.

Steps to replicate it (hint: details matter!):

  1. Install Nextcloud-AIO behind Caddy Reverse Proxy using this Caddyfile and these Docker-Compose files
  2. Open the Nextcloud-AIO setup at https://<IP address of server>:5050
  3. Submit the intended domain (in this case, we’ll call it cloud.example.com)
  4. After Nextcloud-AIO has set up and all the included containers are running, navigate to https://cloud.example.com and attempt to log in to Nextcloud using the admin account and the password provided in the Nextcloud-AIO setup process

Log entries

Nextcloud

There is no content in nextcloud.log, although I notice that the entire nextcloud_data folder is owned by www-data:root, which is different than the user I have running Docker.

Configuration

Nextcloud

{
    "system": {
        "one-click-instance": true,
        "one-click-instance.user-limit": 100,
        "memcache.local": "\\OC\\Memcache\\APCu",
        "apps_paths": [
            {
                "path": "\/var\/www\/html\/apps",
                "url": "\/apps",
                "writable": false
            },
            {
                "path": "\/var\/www\/html\/custom_apps",
                "url": "\/custom_apps",
                "writable": true
            }
        ],
        "check_data_directory_permissions": false,
        "memcache.distributed": "\\OC\\Memcache\\Redis",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "password": "***REMOVED SENSITIVE VALUE***",
            "port": 6379
        },
        "overwritehost": "cloud.example.com",
        "overwriteprotocol": "https",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "localhost",
            "cloud.xanderwhart.us"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "pgsql",
        "version": "30.0.4.1",
        "overwrite.cli.url": "https:\/\/cloud.example.com\/",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "maintenance": false,
        "loglevel": 2,
        "log_type": "file",
        "logfile": "\/var\/www\/html\/data\/nextcloud.log",
        "log_rotate_size": 10485760,
        "log.condition": {
            "apps": [
                "admin_audit"
            ]
        },
        "preview_max_x": 2048,
        "preview_max_y": 2048,
        "jpeg_quality": 60,
        "enabledPreviewProviders": {
            "1": "OC\\Preview\\Image",
            "2": "OC\\Preview\\MarkDown",
            "3": "OC\\Preview\\MP3",
            "4": "OC\\Preview\\TXT",
            "5": "OC\\Preview\\OpenDocument",
            "6": "OC\\Preview\\Movie",
            "7": "OC\\Preview\\Krita",
            "0": "OC\\Preview\\Imaginary",
            "23": "OC\\Preview\\ImaginaryPDF"
        },
        "enable_previews": true,
        "upgrade.disable-web": true,
        "mail_smtpmode": "smtp",
        "trashbin_retention_obligation": "auto, 30",
        "versions_retention_obligation": "auto, 30",
        "activity_expire_days": 30,
        "simpleSignUpLink.shown": false,
        "share_folder": "\/Shared",
        "one-click-instance.link": "https:\/\/nextcloud.com\/all-in-one\/",
        "upgrade.cli-upgrade-link": "https:\/\/github.com\/nextcloud\/all-in-one\/discussions\/2726",
        "updatedirectory": "\/nc-updater",
        "maintenance_window_start": 100,
        "allow_local_remote_servers": true,
        "davstorage.request_timeout": 3600,
        "documentation_url.server_logs": "https:\/\/github.com\/nextcloud\/all-in-one\/discussions\/5425",
        "htaccess.RewriteBase": "\/",
        "dbpersistent": false,
        "auth.bruteforce.protection.enabled": true,
        "ratelimit.protection.enabled": true,
        "files_external_allow_create_new_local": false,
        "trusted_proxies": "***REMOVED SENSITIVE VALUE***",
        "preview_imaginary_url": "***REMOVED SENSITIVE VALUE***",
        "preview_imaginary_key": "***REMOVED SENSITIVE VALUE***",
        "DOMAIN": "cloud.example.com"
    }
}

Apps

Enabled:
  - activity: 3.0.0
  - admin_audit: 1.20.0
  - app_api: 4.0.3
  - bruteforcesettings: 3.0.0
  - calendar: 5.0.9
  - circles: 30.0.0
  - cloud_federation_api: 1.13.0
  - comments: 1.20.1
  - contacts: 6.1.3
  - contactsinteraction: 1.11.0
  - dashboard: 7.10.0
  - dav: 1.31.1
  - deck: 1.14.3
  - federatedfilesharing: 1.20.0
  - federation: 1.20.0
  - files: 2.2.0
  - files_downloadlimit: 3.0.0
  - files_pdfviewer: 3.0.0
  - files_reminders: 1.3.0
  - files_sharing: 1.22.0
  - files_trashbin: 1.20.1
  - files_versions: 1.23.0
  - firstrunwizard: 3.0.0
  - logreader: 3.0.0
  - lookup_server_connector: 1.18.0
  - nextcloud-aio: 0.7.0
  - nextcloud_announcements: 2.0.0
  - notes: 4.11.0
  - notifications: 3.0.0
  - notify_push: 1.0.0
  - oauth2: 1.18.1
  - password_policy: 2.0.0
  - photos: 3.0.2
  - privacy: 2.0.0
  - provisioning_api: 1.20.0
  - recommendations: 3.0.0
  - related_resources: 1.5.0
  - richdocuments: 8.5.3
  - serverinfo: 2.0.0
  - settings: 1.13.0
  - sharebymail: 1.20.0
  - spreed: 20.1.3
  - support: 2.0.0
  - survey_client: 2.0.0
  - systemtags: 1.20.0
  - tasks: 0.16.1
  - text: 4.1.0
  - theming: 2.5.0
  - twofactor_backupcodes: 1.19.0
  - twofactor_totp: 12.0.0-dev
  - user_status: 1.10.0
  - viewer: 3.0.0
  - weather_status: 1.10.0
  - webhook_listeners: 1.1.0-dev
  - workflowengine: 2.12.0
Disabled:
  - encryption: 2.18.0
  - files_external: 1.22.0
  - suspicious_login: 8.0.0
  - twofactor_nextcloud_notification: 4.0.0
  - user_ldap: 1.21.0

Other notes

As mentioned above, I notice that there’s a discrepancy between the user Docker uses and the permissions of my nextcloud_data directory. Docker is set to run with a user named appuser, with limited permissions. This user is not in the root group, so it does not have access to nextcloud_data, which has chmod 666 permissions for www-data:root.

This is where I’d start my troubleshooting. Is it safe/prudent to simply change the ownership of the nextcloud_data directory and its contents? Or does Nextcloud somehow rely upon that exact ownership?

I’m open to all assistance; I may be barking up the wrong tree here.

Thank you.

I asked for help on another forum and was told that Nextcloud assigns all files to the user www-data, so this discrepancy in directory permissions is to be expected.

Without that, I have no idea why I’m encountering this behavior.

My log contains several of these messages, seemingly corresponding with attempts I make to log in:

{"reqId":"DaMNn69qCv5nKViXjD6b","level":3,"time":"2025-02-06T06:02:54+00:00","remoteAddr":"172.20.0.2","user":"--","app":"no app in context","method":"POST","url":"/login","message":"Could not decrypt or decode encrypted session data","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:134.0) Gecko/20100101 Firefox/134.0","version":"30.0.5.1","exception":{"Exception":"Exception","Message":"HMAC does not match.","Code":0,"Trace":[{"file":"/var/www/html/lib/private/Security/Crypto.php","line":98,"function":"decryptWithoutSecret","class":"OC\\Security\\Crypto","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/html/lib/private/Session/CryptoSessionData.php","line":70,"function":"decrypt","class":"OC\\Security\\Crypto","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/html/lib/private/Session/CryptoSessionData.php","line":47,"function":"initializeSession","class":"OC\\Session\\CryptoSessionData","type":"->","args":[]},{"file":"/var/www/html/lib/private/Session/CryptoWrapper.php","line":94,"function":"__construct","class":"OC\\Session\\CryptoSessionData","type":"->","args":[{"__class__":"OC\\Session\\Internal"},{"__class__":"OC\\Security\\Crypto"},"*** sensitive parameters replaced ***"]},{"file":"/var/www/html/lib/base.php","line":402,"function":"wrapSession","class":"OC\\Session\\CryptoWrapper","type":"->","args":[{"__class__":"OC\\Session\\Internal"}]},{"file":"/var/www/html/lib/base.php","line":664,"function":"initSession","class":"OC","type":"::","args":[]},{"file":"/var/www/html/lib/base.php","line":1134,"function":"init","class":"OC","type":"::","args":[]},{"file":"/var/www/html/index.php","line":22,"args":["/var/www/html/lib/base.php"],"function":"require_once"}],"File":"/var/www/html/lib/private/Security/Crypto.php","Line":162,"message":"Could not decrypt or decode encrypted session data","exception":{},"CustomMessage":"Could not decrypt or decode encrypted session data"}}
{"reqId":"YIcTJ5g7rffJIMLbV8k7","level":3,"time":"2025-02-06T06:03:20+00:00","remoteAddr":"172.20.0.2","user":"--","app":"no app in context","method":"GET","url":"/nextcloud/index.php/apps/files/preview-service-worker.js","message":"Could not decrypt or decode encrypted session data","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:134.0) Gecko/20100101 Firefox/134.0","version":"30.0.5.1","exception":{"Exception":"Exception","Message":"HMAC does not match.","Code":0,"Trace":[{"file":"/var/www/html/lib/private/Security/Crypto.php","line":98,"function":"decryptWithoutSecret","class":"OC\\Security\\Crypto","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/html/lib/private/Session/CryptoSessionData.php","line":70,"function":"decrypt","class":"OC\\Security\\Crypto","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/html/lib/private/Session/CryptoSessionData.php","line":47,"function":"initializeSession","class":"OC\\Session\\CryptoSessionData","type":"->","args":[]},{"file":"/var/www/html/lib/private/Session/CryptoWrapper.php","line":94,"function":"__construct","class":"OC\\Session\\CryptoSessionData","type":"->","args":[{"__class__":"OC\\Session\\Internal"},{"__class__":"OC\\Security\\Crypto"},"*** sensitive parameters replaced ***"]},{"file":"/var/www/html/lib/base.php","line":402,"function":"wrapSession","class":"OC\\Session\\CryptoWrapper","type":"->","args":[{"__class__":"OC\\Session\\Internal"}]},{"file":"/var/www/html/lib/base.php","line":664,"function":"initSession","class":"OC","type":"::","args":[]},{"file":"/var/www/html/lib/base.php","line":1134,"function":"init","class":"OC","type":"::","args":[]},{"file":"/var/www/html/index.php","line":22,"args":["/var/www/html/lib/base.php"],"function":"require_once"}],"File":"/var/www/html/lib/private/Security/Crypto.php","Line":162,"message":"Could not decrypt or decode encrypted session data","exception":{},"CustomMessage":"Could not decrypt or decode encrypted session data"}}
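
One way to check the correlation described in the post above, added here as an example and not part of the original thread: it filters a Nextcloud JSON-lines log for the session HMAC failure and counts, per remoteAddr, how many of those requests were POSTs to /login. The sample lines are constructed (abbreviated from the entries above, with placeholder reqIds), and the function names are illustrative.

```python
import json
from collections import defaultdict

SESSION_ERROR = "Could not decrypt or decode encrypted session data"
# Constructed sample: two entries abbreviated from the ones posted above (stack
# traces dropped, placeholder reqIds), one unrelated entry, one truncated line.
SAMPLE_LOG = "\n".join([
    '{"reqId":"req-1","level":3,"remoteAddr":"172.20.0.2","method":"POST","url":"/login",'
    '"message":"' + SESSION_ERROR + '","exception":{"Message":"HMAC does not match."}}',
    '{"reqId":"req-2","level":3,"remoteAddr":"172.20.0.2","method":"GET",'
    '"url":"/nextcloud/index.php/apps/files/preview-service-worker.js",'
    '"message":"' + SESSION_ERROR + '","exception":{"Message":"HMAC does not match."}}',
    '{"reqId":"req-3","level":2,"remoteAddr":"172.20.0.2","method":"GET",'
    '"url":"/status.php","message":"constructed unrelated entry"}',
    '{"reqId":"req-4","level":3,"message":"Could not decrypt or decode encrypted',
])

def parse_log(text):
    """Return (entries, skipped): parsed JSON objects and the count of bad lines."""
    entries, skipped = [], 0
    for line in filter(None, (raw.strip() for raw in text.splitlines())):
        try:
            obj = json.loads(line)
        except json.JSONDecodeError:
            obj = None  # e.g. a line cut off mid-string by copy/paste
        if isinstance(obj, dict):
            entries.append(obj)
        else:
            skipped += 1
    return entries, skipped

def is_session_hmac_failure(entry):
    """True for the session-decryption error whose cause is a failed HMAC check."""
    exc = entry.get("exception")
    inner = exc.get("Message") if isinstance(exc, dict) else None
    return entry.get("message") == SESSION_ERROR and inner == "HMAC does not match."

def summarize(text):
    """Group session HMAC failures by remoteAddr; count those that hit POST /login."""
    entries, skipped = parse_log(text)
    by_source = defaultdict(lambda: {"count": 0, "login_posts": 0, "urls": set()})
    for e in filter(is_session_hmac_failure, entries):
        stats = by_source[e.get("remoteAddr", "unknown")]
        stats["count"] += 1
        stats["urls"].add(e.get("url", ""))
        if e.get("method") == "POST" and e.get("url", "").endswith("/login"):
            stats["login_posts"] += 1
    return dict(by_source), skipped

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

A non-zero skipped count means some lines did not parse as JSON and are not reflected in the totals.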

Hm… Have you already tried this (GitHub - nextcloud/all-in-one) and then used the same working config from above?